Apple reveals security specifics of iOS 5.1.1 update

Following the release of Apple's iOS 5.1.1 update for iPhone, iPad and iPod touch, the company refreshed its support webpage regarding the new software's security tweaks which include one Safari browser and two WebKit fixes.

Monday's iOS 5.1.1 rollout brought various bug fixes including HDR reliability and network switching, though the initial release note failed to mention what security changes made on the backend.

Impact: A maliciously crafted website may be able to spoof the address in the location bar

Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in WebKit.

CVE-ID

CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

The fixes take care of an issue first discovered in March that allowed a malicious website to display a custom URL that is different than a website's actual address. The spoofing technique could have been used to trick users into unknowingly handing over sensitive information like credit card numbers.

Originally Posted by I am a Zither Zather Zuzz
In y opinion, apple needs to do MUCH better at protecting iOS users. They are not sophisticated, and so are the perfect candidates for falling prey to these maliciously crafted websites.

I want to see how you backpedal your way out of explaining how that's NOT an insult directed at all users of iOS.

In y opinion, apple needs to do MUCH better at protecting iOS users. Many, if not most of them are not sophisticated, and so are the perfect candidates for falling prey to these maliciously crafted websites.

I want to see how you backpedal your way out of explaining how that's NOT an insult directed at all users of iOS.

I spoke too broadly. Thanks for the comment. I improved the post above in bold.